A team of researchers has converted a smart vacuum cleaner into a microphone that can record nearby conversations. The technique is named ‘LidarPhone’ in which the vacuum's built-in LiDAR laser-based navigational component is converted into a laser microphone. It has been successfully tested on Xiaomi Roborock.
What the research says
The attack is very complex and the attacker would need to meet certain conditions, such as an already compromised device. In addition, the attacker must be on the victim’s local network to carry out the attack.
- To perform an attack using this technique, the attacker needs to have malware or a compromised update process to tamper with the vacuum's firmware to gain complete control over the LiDAR component.
- By having tampered with firmware, the hacker can stop the vacuum LiDAR from rotating, which reduces the number of data points for collecting data. Now, it can be focused on only one nearby object at a time, from where it could record sound waves.
- LiDAR components are not as accurate as surveillance-grade laser microphones. To overcome this problem, the signals can be boosted for improved quality.
Is it a serious threat?
This technique is very complex and needs several prerequisites.
- According to researchers, this attack technique is just a demonstration of how the security and design of future smart vacuum robots can be exploited.
- Researchers tested the LidarPhone attack with multiple objects, by changing the distance between the robot and the object, along with the distance between the sound origin and the object, in which researchers managed to recover numeric values with 90% accuracy.
This technique showed that with a focused motive and resources, even a normal household gadget can be misused for malicious purposes. Therefore, experts suggest some countermeasures such as shutting down the LiDAR component if it's not rotating or reducing the signal-to-noise ratio of the LiDAR signal.